The CCPA, or California Consumer Privacy Act, came into effect on 1 January 2020. It is one of the first acts of this kind in the United States of America. The CCPA is a data privacy law that applies statewide in California. It regulates how companies or firms around the world handle the PI (Personal Information) of California residents.

Who does CCPA apply to?

The CCPA applies to any company or firm whose annual gross profit is more than 25 million dollars, or which receives, processes, or transfers data from over 50,000 Californians annually, or which derives a minimum of 50% of its annual revenue from selling Californians' PI (Personal Information).

What are the user rights under CCPA?

The CCPA grants Californians a few important rights: the Right to know, the Right to delete, the Right to non-discrimination, and the Right to opt-out.

What is Data Mapping?

Data Mapping is the process of connecting a data field in one source to a data field in another source. It minimizes possible errors, helps keep data systemized, and even helps tally the data.

The company should know the information that is being collected, then map the flow of data, and create an inventory. Lastly, have a method to classify the collected information.

Personal Information

Any customer information that identifies, describes, relates to, is linked to, or could be related to, directly or indirectly, a customer or their household is defined as PI (Personal Information).

According to the CCPA, data doesn’t have to be directly related to an individual for it to qualify as personal information. Personal data may also include information linked to a household or an individual’s device.

Steps to create Comprehensive Privacy Policy

Purpose


Inform consumers of your intentions at or before the point of data collection.

Language


Should be available in the languages in which your business provides information in California.

Implementation

Make the information available in either a banner or a pop-up when the user visits your site (consider using a CMP, a Consent Management Platform).
Give the user an option to Opt-Out (“Do Not Sell”).

Update

Update the information and 'effective date' of the policy every 12 months.

Transparency

Ensure the date of the last update is clearly visible.

Data Sold


List all the categories of personal information your business has sold in the past 12 months.

An option to OPT OUT

Customers need to have an option to opt out. This has to be easily accessible to the customers.

Do Not Sell


Include a “Do Not Sell” link (Opt-Out) that is easily available on your homepage (use a Consent Management Platform).

Obtain explicit consent


Minors: Obtain explicit consent (opt-in) from parents or legal guardians before processing the personal data of minors between the ages of 13 and 16.

Opt-in again


Ask for opt-in again only 12 months after the consumer has opted out.

Consumer Rights Requests

Every Californian has the right to object to the sale of their PI (Personal Information) to any third party. Additionally, if a consumer has denied or objected to the sale of their data, the company cannot ask the customer to consent again for the next 12 months from the date of objection.

Let us see how a company can provide Consumer Rights Requests.

Submit

A system has to be set up for submitting Consumer Rights Requests. Provide at least two contact options, e.g. a toll-free phone number, a webform, or email.

Attach evidence


Enable consumers to attach evidence when submitting a request to verify their identity and proof of residency.

Set up a system


Set up a system to verify such requests.

Inform and explain


If your business cannot reasonably verify the identity to the appropriate degree of certainty, it must inform the consumer and explain why the request could not reasonably be verified.

Keep records


Keep records of all requests and your business responses for 2 years.

Response Time


Standard period: within 45 days. Extended period: up to 90 days.

Data Security

To fulfil the CCPA regulation, the security team needs to work closely with the database administration team, and a high level of data security needs to be provided to customers. Let us see how a company can achieve this.

Contact us to learn more about how Techpearl experts can develop software products that satisfy the regulations of the California Consumer Privacy Act.